公开(公告)号：US10896267B2

公开(公告)日：2021-01-19

申请号：US15420736

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Pratyusa K Manadhata ,  Christopher L. Dalton ,  Adrian Shaw ,  Stuart Haber

IPC: G06F21/78 ,  H04L9/06 ,  G06F12/14 ,  G06F21/80 ,  G06F21/79 ,  G06F21/60 ,  G06F21/72 ,  G06F21/64

Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.

公开(公告)号：US10805318B2

公开(公告)日：2020-10-13

申请号：US15755880

申请日：2015-08-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pratyusa K Manadhata

IPC: G06F12/14 ,  H04L29/06 ,  H04L12/26 ,  H04L29/12

Abstract: Examples classify a payload field within a domain name system (DNS) packet according to a level of risk associated with the payload field. Based on the classification of the payload field and based on a weight associated with the level of risk, the examples determine a value of the DNS packet. Based on the value, the examples identify whether the DNS packet is malicious.

公开(公告)号：US10474820B2

公开(公告)日：2019-11-12

申请号：US15319539

申请日：2014-06-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Pratyusa K Manadhata

IPC: G06F21/57 ,  G06F16/435 ,  G06F16/955 ,  G06F21/55 ,  H04L29/06 ,  H04L29/12

Abstract: Systems and methods associated with domain name system (DNS) based infection scores. One example method includes maintaining query profiles for members of a set of clients in a network. The query profiles may be maintained based on DNS queries sent from the members of the set of clients, and on DNS responses received by the members of the set of clients. The method also includes generating infection scores for the members of the set of clients based on their respective query profiles. The method also includes prioritizing a vulnerable member of the set of clients for remedial action. The vulnerable member may be prioritized based on infection scores of members of the set of clients.

公开(公告)号：US20180332056A1

公开(公告)日：2018-11-15

申请号：US15755880

申请日：2015-08-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pratyusa K Manadhata

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/26

CPC classification number: H04L63/1416 ,  H04L43/0829 ,  H04L43/16 ,  H04L61/1511

Abstract: Examples classify a payload field within a domain name system (DNS) packet according to a level of risk associated with the payload field. Based on the classification of the payload field and based on a weight associated with the level of risk, the examples determine a value of the DNS packet. Based on the value, the examples identify whether the DNS packet is malicious.

公开(公告)号：US11310247B2

公开(公告)日：2022-04-19

申请号：US15386101

申请日：2016-12-21

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pratyusa K Manadhata ,  Sandeep N Bhatt ,  Tomas Sander

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  G06N5/02 ,  G06N20/00 ,  G06F16/2458 ,  H04L67/02 ,  H04L61/4511 ,  H04L67/306 ,  H04L67/10

Abstract: A machine-readable medium may store instructions executable by a processing resource to access log data of an enterprise and extract time-series data of an enterprise entity from the log data. The time-series data may include measured feature values of a set of selected features over a series of time periods. The instructions may be further executable to train a predictive model specific to the enterprise entity using the time-series data, wherein the predictive model is to generate, for a particular time period, a predicted feature value for each of the selected features; access actual feature values of the enterprise entity for the particular time period; apply first-level deviation criteria to the actual feature value and the predicted feature value of each selected feature to identify deviant features of the enterprise entity; and apply second-level deviation criteria to the identified deviant features to identify the enterprise entity as behaving abnormally.

公开(公告)号：US20180176241A1

公开(公告)日：2018-06-21

申请号：US15386101

申请日：2016-12-21

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pratyusa K Manadhata ,  Sandeep N Bhatt ,  Tomas Sander

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  H04L12/26 ,  G06F17/30 ,  G06N5/02 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06F16/2477 ,  G06N5/022 ,  G06N20/00 ,  H04L61/1511 ,  H04L67/02 ,  H04L67/10 ,  H04L67/306

Abstract: A machine-readable medium may store instructions executable by a processing resource to access log data of an enterprise and extract time-series data of an enterprise entity from the log data. The time-series data may include measured feature values of a set of selected features over a series of time periods. The instructions may be further executable to train a predictive model specific to the enterprise entity using the time-series data, wherein the predictive model is to generate, for a particular time period, a predicted feature value for each of the selected features; access actual feature values of the enterprise entity for the particular time period; apply first-level deviation criteria to the actual feature value and the predicted feature value of each selected feature to identify deviant features of the enterprise entity; and apply second-level deviation criteria to the identified deviant features to identify the enterprise entity as behaving abnormally.

公开(公告)号：US20170323102A1

公开(公告)日：2017-11-09

申请号：US15319539

申请日：2014-06-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Pratyusa K Manadhata

IPC: G06F21/57 ,  G06F21/55 ,  G06F17/30 ,  H04L29/06

CPC classification number: G06F21/57 ,  G06F16/435 ,  G06F16/9554 ,  G06F21/55 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/1441

Abstract: Systems and methods associated with domain name system (DNS) based infection scores. One example method includes maintaining query profiles for members of a set of clients in a network. The query profiles may be maintained based on DNS queries sent from the members of the set of clients, and on DNS responses received by the members of the set of clients. The method also includes generating infection scores for the members of the set of clients based on their respective query profiles. The method also includes prioritizing a vulnerable member of the set of clients for remedial action. The vulnerable member may be prioritized based on infection scores of members of the set of clients.

公开(公告)号：US20170163670A1

公开(公告)日：2017-06-08

申请号：US15116018

申请日：2014-04-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Pratyusa K Manadhata ,  William G. Horne

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1425 ,  H04L61/1511 ,  H04L63/0227 ,  H04L63/101 ,  H04L63/1416 ,  H04L63/1441 ,  H04L67/42

Abstract: Systems and methods associated with packet logging are described. One example method includes testing a packet obtained from a packet stream against a whitelist and a blacklist. The method also includes dropping the packet when the packet tests positive against the whitelist. The method also includes providing the packet to a security manager when the packet tests positive against the blacklist. The method also includes logging the packet when the packet tests negative against the whitelist.